[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Apr 2016 16:24:52 +0200
From: Martin Prpic <mprpic@...hat.com>
To: "OSS Security Mailinglist" <oss-security@...ts.openwall.com>
Subject: CVE request: three issues in libksba
Hi,
Can CVEs please be assigned to these three issues (unless they've
already been assigned and I failed to find them):
Denial of Service due to stack overflow in src/ber-decoder.c
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a
Integer overflow in the BER decoder src/ber-decoder.c
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
Integer overflow in the DN decoder src/dn.c
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
A Gentoo advisory lists them as being fixed in version 1.3.3 and higher:
https://lwn.net/Alerts/685271/
Thank you!
--
Martin Prpič / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
